Can of Chips May Have Played a Role in TJ Maxx Identity Theft

Interview Transcript

KPIX News Interview (5/4/2007)

Anchor person: Ken Bastida

Interviewer: Robert Lyles, KPIX Reporter

Interviewee: Tony DiMatteo, Consultant with All Covered

Air Date: Friday, May 4, 2007

Television Station: Channel 5 KPIX 11 o’clock news (CBS affiliate)

Ken Bastida: And we’re learning more tonight about the hackers who caused a huge security breech at discount department store chains all across the country.  Apparently, they pulled off their high tech crime using a snack food container.  Robert Lyles tells us more about this bizarre, but very effective tool.  Robert. 

 

Robert Lyles: Well Ken, get this. This last February, the parent company for TJ Maxx said that they have spared no expense trying to figure out how and who hacked into their computer system.  Well now, they’re still being tight-lipped about how that happened, but we know it happened with a two dollar can of potato chips. How did Marshall’s and TJ Maxx get ripped off? 

 

Tony DiMatteo: The wireless network was left completely unencrypted. 

Robert Lyles: Security expert, Tony DiMatteo of (All Covered, a computer security firm) , says Marshall’s and TJ Maxx made it easy because the discount stores sends credit card data wirelessly.  But an explosive investigation by the “Wall Street Journal” found their Wi-Fi is:

 

Tony DiMatteo: Actually, less than most home networks come equipped with these days.

 

Robert Lyles: A hacker figured that out.  Not by hours of programming, but the  “Wall Street Journal” is reporting that the hackers sat in a Marshall’s parking lot in St. Paul, Minnesota armed with a laptop and a telescope-shaped antenna, to intercept the store’s data.  We now know an ordinary laptop, a wireless card, and of all things a can of Pringles.

Tony DiMatteo: They’re often called a “can-tenna.”

Robert Lyles: Here’s how experts say it works.  The hacker takes the traditional wireless card, jimmy-rigs a Pringles can to fit over the card because there’s foil inside, the card is now a powerful antenna.

 

Tony DiMatteo: It allows them to capture all the data that’s floating through the air.

Robert Lyles: Recording every credit card transaction and every employee password.  All because the St. Paul store allegedly didn’t encrypt or computer-protect the information, so the hacker not only got local credit card information, but it allowed him to break into the company’s main computer.

 

Tony DiMatteo: The hackers must have had a very high level of sophistication to actually break into the corporate service.

 

Woman 1: So what does that mean for us?

Woman 2: Marshall’s needs to do something.  They need to get their security on board.

 

Tony DiMatteo: To tell you the truth, I’m not surprised.  A lot of large companies do not protect themselves the way they should.

 

Robert Lyles: Well Ken, the security expert goes on to say that it’s highly unlikely that this lack of security is limited to TJ Maxx and Marshall’s.  He says in his experience, it appears that most retail stores only use a firewall, and as we saw, one layer of security can easily be breeched by the “can-tenna.”  Ken.

Ken Bastida: Unbelievable.  Robert Lyles in San Jose.  Thanks, Robert.